- URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something).
- Body arguments refer to data communicated via POST parameters in the HTTP request body.
A quick conclusion: the secure choice for transmitting any sensitive data is to use POST requests over SSL/TLS. Any other option will expose data at some point in the communication.
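An added example, not from the original post: URL arguments are part of the request line, so a server access log records them, and they can travel onward in the Referer header even when the connection uses SSL/TLS, while body arguments are not part of the request line. The sketch below scans constructed Combined Log Format lines for parameter names in an assumed `SENSITIVE` set; the log lines, that set and the function names are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter names treated as sensitive; adjust for your application.
SENSITIVE = {"password", "passwd", "token", "ssn", "sessionid", "card"}

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def sensitive_params(url):
    """Return the sensitive parameter names found in the query string of url."""
    query = urlsplit(url).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)

def scan(lines):
    """Return (line_no, field, method, names) for every logged URL that carries
    sensitive URL arguments, in the request target or in the Referer."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        for field in ("target", "referer"):
            names = sensitive_params(m.group(field))
            if names:
                findings.append((n, field, m.group("method"), names))
    return findings

# Constructed sample log lines (not from a real system).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:56:40 +0000] "POST /transfer?token=abc123 HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:57:12 +0000] "GET /img/logo.png HTTP/1.1" 200 4096 "https://foo.com/account?sessionid=9f8e7d" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, field, method, names in scan(SAMPLE):
        print(f"line {n}: {method} request exposes {names} in {field}")
```

The POST on the second sample line keeps its credentials in the body and leaves nothing in the log, while the POST on the third line is still flagged because its token sits in the URL.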
This is a guest post by Michael Coates, a senior application security consultant with extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers world-wide.
The original text is published on ...Application Security...
Talkback and comments are most welcome